Posted by: Anonymous [ip:] on October 07, 2008 03:52 AM
I've got a redundant pair for our Production firewalls. pfSense uses CARP for VIP redundancy; all rules automatically sync between firewalls (unless you specify otherwise).
Each firewall has 4 NICs/zones plus one for firewall sync/heartbeat.
Between our corporate network (Gb) and our production (Gb) I do notice some minor drop in throughput (~10%), but we are talking two firewall hops.

Back in the day I've installed and managed a number of different firewalls: Gauntlet, Checkpoint, Raptor, Cisco PIX, as well as Linux iptables. While I don't think most corporations will replace their $30K firewall solutions w/ pfSense anytime soon, most businesses w/o quite that much money to throw around should consider this slightly less polished solution and a nice donation to keep the effort moving forward.

Caveat: I found the FTP support not to my liking so I compiled jftpgw on a FreeBSD box and installed it along w/ the pfSense supplied djbDNS server package. I use tcpserver to keep jftpgw running.


